A year ago, AI regulation was mostly theoretical everywhere you looked. In the US, Colorado had passed a comprehensive AI law that hadn’t taken effect, and California’s SB 1047 had just been vetoed. In Brussels, the AI Act existed on paper, with the bulk of its obligations still a year or more from applying. Congress was talking, not legislating.
Over the last twelve months, that changed. Three US states built the first real accountability framework for frontier AI developers. A fourth tore up its own law and started over. The EU renegotiated its own flagship regulation under industry pressure. The federal government opened a direct legal fight with the states over who even gets to set the rules. None of this has settled into something stable. Most of it already applies to somebody.
This guide covers what changed, who it applies to, and what to do about it depending on where your company sits.
Quick reference: the major laws at a glance
| Law | Jurisdiction | Who’s covered | Effective date | Key requirement |
|---|---|---|---|---|
| SB 53 (Transparency in Frontier AI Act) | California | Frontier developers, $500M+ revenue | January 1, 2026 | Published safety framework, incident reporting, whistleblower protections |
| RAISE Act | New York | Frontier developers, $500M+ revenue | December 2025, amended March 2026 | Same core model as SB 53, with $1M/$3M penalties |
| AI Safety Measures Act (AISMA) | Illinois | Large frontier developers, $500M+ revenue | January 1, 2027 | Everything above, plus mandatory annual third-party audits |
| SB 26-189 (ADMT) | Colorado | Developers and deployers of automated decision-making tech | January 1, 2027 | Risk management, impact assessments, disclosures for consequential decisions |
| TRAIGA (HB 149) | Texas | Developers and deployers doing business in Texas | January 1, 2026 | Prohibits specific restricted uses (CSAM, unlawful deepfakes, self-harm encouragement) |
| EU AI Act, Annex III (high-risk, standalone) | European Union | Providers/deployers of high-risk systems (hiring, credit, education, law enforcement) | December 2, 2027 | Risk management, technical documentation, conformity assessment |
| EU AI Act, Annex I (high-risk, embedded) | European Union | AI embedded in regulated products (medical devices, machinery, vehicles) | August 2, 2028 | Same as above, aligned with existing product safety regimes |
| EU AI Act, Article 50 | European Union | Any provider of generative AI reaching EU users | August 2, 2026 (watermarking: Dec 2, 2026 for legacy systems) | AI-interaction disclosure, content watermarking and provenance |
| EU AI Act, Article 5 (amended) | European Union | Any generative image/audio/video system | December 2, 2026 | Ban on non-consensual intimate imagery and CSAM generation |
| Executive Order 14365 | US federal | All US states with AI laws | December 11, 2025 | Directs DOJ litigation task force and funding conditions aimed at preempting state AI laws |
Who’s actually affected
AI regulation over the past year splits into obligations that fall on a handful of companies and obligations that fall on nearly everyone who touches AI in a regulated way.
A small number of frontier model developers carry the heaviest new load. California, New York, and Illinois all define their frontier transparency laws around a $500 million revenue threshold and a massive compute threshold, which in practice means five to ten companies: OpenAI, Anthropic, Google DeepMind, Meta, Microsoft, and a few others. If you’re not building foundation models at that scale, these specific laws don’t reach you directly, though they shape what your AI vendors are required to disclose to you.
Employers and anyone using AI in hiring, credit, or other consequential decisions are squarely in scope of a much wider set of rules: Colorado’s new ADMT law, New York City’s Local Law 144, and the EU AI Act’s Annex III high-risk category, which explicitly names recruitment, credit scoring, and performance evaluation. This is the category most companies actually fall into, even if they’ve never thought of themselves as an “AI company.”
Anyone shipping generative AI features into the EU has an obligation coming regardless of size: watermarking and content-provenance disclosure under Article 50 of the AI Act. It isn’t limited to large platforms. If your product generates text, image, audio, or video for EU users, it applies to you.
Companies building or deploying companion chatbots, especially anything reachable by minors, face a fast-moving set of state rules on crisis-response protocols and disclosure, regardless of company size.
Everyone else is affected indirectly but not lightly: through vendor risk, since your AI vendors now have to disclose more and you need to be able to evaluate what they disclose; through data provenance obligations if you use third-party training data; and through a general expectation, now showing up in law, that a company should be able to explain what its AI systems do with data.
The US frontier three: California, New York, Illinois
California SB 53 (Transparency in Frontier AI Act) came first, signed September 2025, in force since January 2026. It requires large frontier developers to publish safety frameworks, report critical incidents, and protect whistleblowers, and it lets a company satisfy California’s law by meeting a comparable federal or foreign standard instead of filing twice.
New York’s RAISE Act, signed December 2025 and amended in March 2026 to align with California’s approach, now carries penalties of up to $1 million for a first violation and $3 million for repeat offenses, down from the $10 million/$30 million the legislature originally passed.
Illinois’s AI Safety Measures Act (AISMA), signed July 6, 2026, effective January 1, 2027, uses the same $500 million threshold but adds a first-in-the-nation requirement: mandatory annual independent third-party audits, every year, for as long as a company stays covered.
Together, these three states cover roughly 40 percent of the US AI market. Lawmakers in all three have said plainly that this is a deliberate attempt to build a de facto national standard while Congress stays on the sidelines.
The US comprehensive laws that couldn’t hold their shape
Colorado got there first with SB 205 in 2024, but it never actually took effect. Delayed twice under industry pressure, it was ultimately repealed and replaced by SB 26-189, which narrows the focus from broad “high-risk AI” to a more specific automated decision-making technology regime, with obligations starting January 2027.
Texas TRAIGA, in force since January 2026, took the narrower route from the start: rather than broad risk assessments, it prohibits specific uses, including AI-generated CSAM, unlawful deepfakes, and systems designed to encourage self-harm.
Comprehensive, high-risk AI acts modeled on Colorado’s original approach have mostly lost ground over the past two years to narrower, harm-specific rules and to the frontier-developer model above.
The EU AI Act and the Digital Omnibus: new timeline, same rules
The EU AI Act is still the broadest AI framework in the world, and it’s still in force. What changed this year is the timeline, and in a few places, the substance.
By late 2025, the Act’s original schedule was in trouble. The technical standards and harmonized guidance companies needed to comply with high-risk obligations weren’t ready, and national competent authorities weren’t fully designated. The European Commission published the Digital Omnibus on AI on November 19, 2025, proposing to defer the most demanding parts of the Act.
After two rounds of trilogue negotiation, the Parliament and Council reached political agreement on May 7, 2026, formally adopted through June. Here’s where the timeline landed:
- High-risk obligations for standalone systems (Annex III: recruitment, credit scoring, law enforcement, education, border control) move from August 2, 2026 to December 2, 2027.
- High-risk obligations for AI embedded in regulated products (Annex I: medical devices, machinery, vehicles) move to August 2, 2028.
- General transparency obligations under Article 50, including disclosing to users that they’re interacting with an AI system, are unaffected and still apply from August 2, 2026.
- Watermarking specifically (Article 50(2)) gets a shorter grace period, pushed to December 2, 2026, for systems already on the market.
- A new prohibition, added during negotiation rather than in the Commission’s original proposal, bans AI systems that generate non-consensual intimate imagery or CSAM, including “nudifier” apps, effective December 2, 2026.
- Foundation model obligations under Articles 51 through 55, in force since August 2025, are untouched by any of this.
Law firms tracking the negotiation are consistent on one point: the underlying obligations survived intact, and only the calendar moved. The risk-based architecture, the high-risk categories, and the core requirements remain what they were. Companies that treat the extra sixteen months as a pause are setting up for a compressed scramble in late 2027. The companies in the strongest position are using this window to inventory every AI system in use, classify it against Annex III and Annex I, and map what data each one touches, so that when the standards finalize, the compliance work is mostly documentation rather than discovery.
The narrower bills that added up fast
Away from the headline frameworks, a much larger volume of narrower legislation reshaped specific corners of the landscape. Companion chatbots and mental health became their own category, largely in response to reported harms to minors: Illinois barred unlicensed AI from providing psychotherapy in August 2025, California’s Companion Chatbots Act now requires crisis-response protocols, and New York has similar legislation in progress. Content provenance rules are catching up with generative media on both sides of the Atlantic, with California’s AI Transparency Act (delayed to August 2026) and its GenAI Training Data Transparency Act sitting alongside the EU’s Article 50 disclosure requirements. Employment AI oversight kept expanding around New York City’s Local Law 144 and its bias-audit requirements for hiring tools.
The US federal collision course
While states legislated, the federal government built toward a fight over whether any of it can stand. Executive Order 14365, signed December 11, 2025, directs the Department of Justice to stand up an AI Litigation Task Force to sue states over “onerous” AI laws, ties broadband funding to state compliance, and names Colorado’s law directly as a target. It carves out child safety, AI infrastructure, and government procurement from any preemption push.
An executive order cannot preempt state law on its own. Only Congress or the courts can, and neither has yet. The advice from every firm tracking this is the same: keep complying with the state laws that apply to you now. This fight will take years, not months, to resolve.
How to prepare, depending on where you sit
If you’re a large frontier developer (California, New York, or Illinois thresholds): your obligations are already live or landing within the year. You need a published, annually updated safety framework, incident reporting infrastructure with tight timelines (72 hours in most cases), whistleblower protection processes, and, starting with Illinois, standing readiness for an independent third-party audit every year, not just once. Most companies underestimate this last one. An auditor doesn’t want a policy document. They want evidence: what data trained the model, what data it can access at inference and during internal use, who has access to what, and a record showing this hasn’t drifted since the last audit.
If you’re an enterprise deploying AI in hiring, lending, or other consequential decisions: Colorado’s ADMT law, NYC Local Law 144, and the EU AI Act’s Annex III category all converge on the same requirement, know what data feeds the decision, document it, and be able to produce a bias audit or impact assessment on demand. This holds whether you built the model or bought it from a vendor.
If you ship generative AI features into the EU: watermarking and disclosure infrastructure needs to be operational by December 2, 2026 for systems already on the market. Engineering teams should be building this now, since seven months is a tight window for UI labeling, metadata embedding, and detection capability.
If none of the above apply directly: the lowest-risk position is still an active one. Inventory what AI systems you use, whether built or bought, and know what data each one touches. State and federal rules are moving in different directions at the same time, so the only durable strategy is data-level readiness that doesn’t depend on which jurisdiction’s specific paperwork wins out.
4 steps to get ahead of the AI regulatory wave
Every obligation above, regardless of which law or which jurisdiction, comes back to the same operational question: what data does this AI system touch, and can you prove it. Increasingly, that question extends past models to the agents built on top of them. An AI agent that can read a database, trigger a workflow, or take action on a customer’s behalf carries the same data exposure as the model underneath it, and most enterprises can’t yet say how many of those agents are running, what data they can reach, or what they’re doing with it. This is where the idea of a control plane matters: a single layer that governs data itself, together with every model and agent that touches it, rather than trying to bolt governance onto each tool after the fact.
BigID operates as that control plane, built around contextual risk: understanding what’s happening across data, across agents, and everything in between. That combination of visibility and control means seeing the full picture and then acting on it, remediating risk before it becomes an incident or an audit finding. Here’s what that looks like in practice, broken into four workstreams.
1. Find every AI system and agent in use, and the data each one can reach
Compliance teams can’t classify or document a system they don’t know is running, and shadow AI and agent adoption inside most enterprises is well ahead of what’s on any official inventory. BigID discovers AI tools, models, and agents, and automatically understands the data they touch, so the inventory every one of these laws assumes you already have actually exists.
2. Know what data trained or feeds each model.
Auditors under Illinois’s law, EU notified bodies under Annex III, and internal risk committees everywhere will all ask the same question in different words: where did this model’s data come from, and what can it reach now. BigID maps data lineage and model-to-data relationships automatically, turning a manual research project into something you can generate on demand.
3. Classify sensitive data before an AI system or agent touches it
Bias assessments, high-risk documentation, and internal-use risk reviews all depend on knowing which data is sensitive in the first place. BigID classifies data at the source across structured and unstructured systems, so sensitivity is known before a model or agent gets near it rather than discovered after an incident.
4. Govern and monitor access, then keep the evidence
Whistleblower protections, incident reporting windows, and annual audits all assume you can show who and what, including autonomous agents, could reach a model and its data at any given time, not just today. BigID monitors data access and activity continuously and retains that record, so the evidence trail an audit needs already exists rather than needing to be reconstructed under deadline pressure.
The regulatory theories differ by state and by continent. The operational answer, in nearly every case, starts in the same place: knowing your data well enough to show your work, whenever a regulator asks.
See it in action
The fastest way to understand how this applies to your own environment is to see it against your own data. Take a self guided tour or book a live demo with a BigID expert to walk through how discovery, lineage, classification, and access governance map to the specific laws your company falls under.
Frequently asked questions
Does any of this apply to companies that just use AI, without building their own models? Yes, for most of the laws in the “who’s affected” section above. The frontier developer laws (California, New York, Illinois) apply narrowly to the largest model builders. Nearly everything else, Colorado’s ADMT law, NYC’s Local Law 144, the EU AI Act’s Annex III, applies to companies deploying AI in consequential decisions regardless of whether they built the underlying model.
What happens if EU and US requirements conflict? So far, they largely differ in scope and timing rather than conflict outright. The bigger practical risk is treating them as separate compliance tracks when the underlying data work, knowing what data an AI system touches and being able to document it, is nearly identical across both. Building that capability once tends to serve every jurisdiction rather than requiring a separate program per region.
Has any state AI law actually been struck down or preempted? No. Executive Order 14365 directs federal agencies to challenge certain state AI laws and sets up a DOJ litigation task force to do so, but as of this writing no court or federal statute has preempted any state AI law. Legal analysts broadly expect this to take years to resolve, not months.
Is the EU AI Act’s delay a sign it’s being weakened? The text of the agreement doesn’t support that read. The Digital Omnibus pushed back the compliance dates for high-risk systems because the technical standards and guidance needed to comply weren’t ready in time. The risk categories, the core requirements, and the foundation model rules already in force are untouched.
What’s the single highest-value thing a company can do right now, regardless of which laws apply? Build an accurate, current inventory of every AI system and agent in use and the data each one touches. It’s the prerequisite for compliance with essentially every law in this guide, and it’s also the piece most companies are missing.
Glossary: terms this landscape assumes you know
Frontier developer / frontier model: A company that has trained, or is training, a foundation model above a defined computing-power threshold (10^26 FLOPs in California’s framework). “Large frontier developer” adds a revenue threshold, generally $500 million, and is the category that triggers the heaviest obligations.
ADMT (Automated Decision-Making Technology): Colorado’s term for software that processes personal data to make or materially inform a consequential decision, such as hiring, lending, or housing.
HRAIS (High-Risk AI System): The EU AI Act’s term for a system in a defined high-risk category, split between Annex III (standalone systems like recruitment or credit scoring tools) and Annex I (AI embedded in already-regulated products like medical devices).
Catastrophic risk: The threshold most US frontier laws use to define the harms they’re trying to prevent, generally incidents that could contribute to death or serious injury of 50 or more people, or cause damages above roughly $1 billion.
Critical safety incident: An event a frontier developer must report to regulators within a fixed window, typically 72 hours, or 24 hours if there’s imminent risk of death or serious injury.
Preemption: The legal principle that a higher level of government’s law overrides a conflicting lower-level law. In this landscape, it refers specifically to the open question of whether federal action can override state AI laws. As of this writing, none has.
Digital Omnibus: The European Commission’s package of amendments to the AI Act (and related digital laws) aimed at simplifying implementation and adjusting timelines, not at rewriting the Act’s core structure.
Agentic control plane: The governance layer that gives visibility into, and control over, autonomous AI agents and the data they can access, act on, and move, distinct from the models or applications the agents run on top of.
